Wireless networking is a critical domain for the N10-009 exam, covering approximately 15-20% of questions in Domain 2 (Network Implementation). This chapter dives deep into wireless standards (802.11a/b/g/n/ac/ax/be), configuration best practices, frequency bands, channels, and security protocols. You'll learn how Wi-Fi operates at the physical and data link layers, how to deploy and troubleshoot WLANs, and the exact values and defaults you must memorize for exam success. Master this material to confidently answer questions on antenna types, channel bonding, MIMO, and wireless encryption.
Jump to a section
Imagine a party where everyone uses walkie-talkies instead of phones. Each person has a walkie-talkie that can only transmit or listen at one time (half-duplex). Before speaking, they press the talk button and listen for a click (clear channel assessment). If they hear another voice, they wait a random amount of time (backoff) before trying again. The party host (access point) announces rules: which channel to use (frequency band), how loud to speak (transmit power), and a secret code (SSID) to know they're at the right party. If two people speak at once, a garbled mess occurs (collision), and they both stop, wait random times, and retry. To allow more people, the host can split the party into smaller groups (multiple SSIDs/VLANs) or use a faster walkie-talkie (802.11ac vs 802.11n). Security is like a bouncer checking IDs (WPA2/3 authentication) and encrypting conversations (AES). The host also manages handoffs: if you move to another room, you must be passed to the host there (roaming). This mirrors how Wi-Fi uses CSMA/CA, frequency bands, channels, SSIDs, and security protocols to manage multiple devices sharing the airwaves.
Wireless Standards and the 802.11 Family
Wireless networking is governed by the IEEE 802.11 standards. Each amendment defines different physical layer (PHY) characteristics, data rates, frequency bands, and modulation techniques. The N10-009 exam tests your knowledge of the major standards: 802.11a, 802.11b, 802.11g, 802.11n, 802.11ac (Wi-Fi 5), 802.11ax (Wi-Fi 6), and 802.11be (Wi-Fi 7). You must know their frequency bands (2.4 GHz, 5 GHz, 6 GHz for Wi-Fi 6E/7), maximum data rates, channel widths, and the year of introduction.
802.11a (1999): Operates in 5 GHz band, uses OFDM, max 54 Mbps, smaller range due to higher frequency absorption.
802.11b (1999): 2.4 GHz, DSSS, max 11 Mbps, longer range but slower.
802.11g (2003): 2.4 GHz, OFDM, max 54 Mbps, backward compatible with b.
802.11n (2009): Both 2.4 and 5 GHz, MIMO (up to 4 spatial streams), channel bonding (40 MHz), max 600 Mbps.
802.11ac (2013): 5 GHz only (wave 2 added MU-MIMO), channel bonding up to 160 MHz, up to 8 spatial streams, max 6.9 Gbps.
802.11ax (2019): 2.4, 5, and 6 GHz (Wi-Fi 6E), OFDMA, 1024-QAM, up to 9.6 Gbps, improved efficiency in dense environments.
802.11be (2024): 2.4, 5, and 6 GHz, up to 320 MHz channels, 4096-QAM, multi-link operation, target 46 Gbps.
Frequency Bands and Channels
Wi-Fi uses unlicensed spectrum in the ISM (Industrial, Scientific, Medical) bands. The 2.4 GHz band spans 2.400-2.4835 GHz and is divided into 14 channels (only 11 usable in the US, channels 1-11). Each channel is 22 MHz wide (for 802.11b) or 20 MHz (for OFDM). Channels overlap: only 1, 6, and 11 are non-overlapping in 2.4 GHz. The 5 GHz band (5.150-5.850 GHz) has many non-overlapping 20 MHz channels (e.g., 36, 40, 44, 48, 149, 153, 157, 161, 165). DFS (Dynamic Frequency Selection) channels (52-144) require radar detection and may cause delays. The 6 GHz band (5.925-7.125 GHz) for Wi-Fi 6E/7 offers up to 59 non-overlapping 20 MHz channels, with mandatory support for WPA3 and OFDMA.
CSMA/CA and MAC Layer
Wi-Fi uses Carrier Sense Multiple Access with Collision Avoidance (CSMA/CA), not CSMA/CD (used in Ethernet). Because wireless cannot detect collisions (transmit and receive are separate), it avoids them by using: - Clear Channel Assessment (CCA): The station listens for a signal above a threshold (typically -82 dBm for 20 MHz channels). If the medium is busy, it defers. - Interframe Spacing (IFS): Different priority levels use different IFS values: SIFS (16 μs for 802.11a/g/n/ac) for ACK and CTS, PIFS (25 μs) for point coordination, DIFS (34 μs) for regular data. - Random Backoff: After DIFS, stations wait a random number of slot times (9 μs for OFDM) from a contention window (CWmin=15, CWmax=1023) to avoid collisions. - RTS/CTS (Request to Send/Clear to Send): Optional mechanism to reserve the medium. Station sends RTS, AP responds with CTS, all other stations defer for the duration (NAV - Network Allocation Vector).
MIMO and MU-MIMO
Multiple-Input Multiple-Output (MIMO) uses multiple antennas to transmit multiple spatial streams simultaneously, increasing throughput and reliability. 802.11n introduced up to 4 spatial streams; 802.11ac up to 8. MU-MIMO (Multi-User MIMO) allows the AP to transmit to multiple clients simultaneously on the same channel, using beamforming. 802.11ac wave 2 introduced downlink MU-MIMO; 802.11ax added uplink MU-MIMO.
Channel Bonding
Channel bonding combines adjacent 20 MHz channels to increase throughput. 802.11n uses 40 MHz (two channels), 802.11ac uses up to 160 MHz (eight channels), 802.11be up to 320 MHz. However, wider channels are more susceptible to interference and reduce the number of available non-overlapping channels. In 2.4 GHz, 40 MHz channels often overlap with other Wi-Fi and Bluetooth, causing performance degradation.
Security Protocols
WEP (Wired Equivalent Privacy): Broken, uses RC4 with 40- or 104-bit keys. Do not use.
WPA (Wi-Fi Protected Access): Temporary fix, uses TKIP (RC4) with Michael MIC. Deprecated.
WPA2 (802.11i): Mandatory since 2006, uses AES-CCMP for encryption, 4-way handshake for authentication. Pre-shared key (PSK) or 802.1X/EAP.
WPA3 (2018): Uses SAE (Simultaneous Authentication of Equals) for PSK mode, GCMP-256 encryption, and provides forward secrecy. Mandatory for Wi-Fi 6E.
WPA3-Enterprise: Offers 192-bit security suite, EAP-TLS with Suite B cryptography.
Authentication Modes
Open: No authentication, no encryption. Rarely used except for hotspots.
Personal (PSK): Pre-shared key (password) used for authentication. WPA2-PSK uses a 4-way handshake. Vulnerable to offline dictionary attacks.
Enterprise (802.1X): Uses RADIUS server for authentication. Supports EAP methods (EAP-TLS, PEAP, EAP-TTLS). More secure but requires infrastructure.
Configuration and Verification Commands
On a Cisco WLC (Wireless LAN Controller), common commands:
- config wlan create <wlan-id> <profile-name> <ssid>
- config wlan security wpa akm psk set-key <wlan-id> <key>
- config wlan enable <wlan-id>
- show wlan summary
- show client summary
- show ap config general
On a Linux client:
- iw dev wlan0 scan (scan for SSIDs)
- iwconfig wlan0 essid "SSID"
- wpa_supplicant -B -i wlan0 -c /etc/wpa_supplicant.conf
Antenna Types
Omnidirectional: Radiates equally in all directions, used for general coverage.
Directional (Yagi, Patch, Parabolic): Focuses signal in a specific direction, used for point-to-point links.
MIMO: Multiple antennas for spatial diversity and multiplexing.
Dipole: Common on APs, often 2-3 dBi gain.
Power over Ethernet (PoE)
Many APs receive power via PoE (IEEE 802.3af/at/bt). 802.3af provides up to 15.4 W, 802.3at (PoE+) up to 30 W, 802.3bt (PoE++) up to 60-100 W. APs with multiple radios and MIMO may require PoE+.
Roaming
When a client moves between APs, it must reassociate. Fast roaming (802.11r) reduces handoff time by using a cached PMK (Pairwise Master Key) from the original AP. 802.11k (Neighbor Reports) and 802.11v (Network Management) help clients find better APs and optimize roaming.
Troubleshooting
Common issues: - Interference: From other Wi-Fi, Bluetooth, microwaves, cordless phones. Use spectrum analyzer. - Coverage: Weak signal due to distance, obstacles, or antenna misconfiguration. - Capacity: Too many clients on one AP; consider adding more APs and reducing cell size. - Security: Misconfigured encryption or RADIUS server.
Interaction with Related Technologies
VLANs: Multiple SSIDs can map to different VLANs for segmentation.
DHCP: Clients get IP addresses via DHCP; ensure DHCP server is reachable.
DNS: Required for client name resolution.
RADIUS: Used for enterprise authentication.
Firewalls: May block necessary ports (e.g., RADIUS UDP 1812/1813, DHCP UDP 67/68).
Scan for Access Points
A Wi-Fi client (station) actively or passively scans for APs. In active scanning, the client sends Probe Request frames on each channel and waits for Probe Responses from APs. In passive scanning, the client listens for Beacon frames that APs broadcast every 100 ms (default). The client collects SSID, BSSID (MAC), supported data rates, channel, and security information. The client then selects the best AP based on signal strength (RSSI) and security compatibility.
Authenticate and Associate
The client sends an Authentication frame to the AP. For open networks, this is a simple exchange. For WPA2/WPA3, the 4-way handshake begins: (1) AP sends ANonce, (2) Client sends SNonce and MIC, (3) AP sends GTK and MIC, (4) Client sends ACK. After authentication, the client sends an Association Request including capabilities (data rates, HT/VHT capabilities). The AP responds with Association Response containing AID (Association ID) and status.
Obtain IP Address via DHCP
After association, the client sends a DHCP Discover broadcast (if using dynamic IP). The DHCP server (often on the AP or a separate server) offers an IP address, subnet mask, default gateway, and DNS servers. The client sends a DHCP Request, and the server acknowledges with DHCP ACK. The client now has Layer 3 connectivity. If using static IP, this step is skipped.
Data Transmission with CSMA/CA
When the client has data to send, it performs Clear Channel Assessment (CCA). If the channel is idle for DIFS (34 μs for OFDM), it starts a random backoff counter (0 to CW). If the channel becomes busy during backoff, it pauses and resumes after the channel is idle again. When the counter reaches zero, the client transmits. The AP sends an ACK after SIFS (16 μs). If no ACK is received, the client assumes collision and doubles the contention window (up to CWmax) and retries.
Roaming to Another AP
As the client moves, it continuously measures RSSI of the current AP and nearby APs (via scanning or 802.11k Neighbor Reports). When the current AP's signal drops below a threshold (e.g., -70 dBm) and a better AP is available, the client initiates re-association. It sends an Authentication/Association Request to the new AP. If using 802.11r, the client uses cached PMK from the previous AP to speed up the 4-way handshake. The new AP then sends a DHCP renewal (optional) to maintain IP connectivity.
In a large enterprise campus, a network engineer must design a WLAN to support 500+ users across multiple buildings. The engineer deploys 802.11ax (Wi-Fi 6) APs with 4x4 MIMO, using both 2.4 and 5 GHz bands. The 2.4 GHz band is configured with 20 MHz channels (1, 6, 11) for compatibility with legacy devices and to avoid Bluetooth interference. The 5 GHz band uses 80 MHz channels (e.g., channels 36-48 and 149-161) to maximize throughput for high-density areas like auditoriums. Each SSID is mapped to a separate VLAN: a corporate SSID for employees (WPA2-Enterprise with RADIUS), a guest SSID (open with captive portal), and an IoT SSID (WPA2-PSK with MAC filtering). The engineer uses a Wireless LAN Controller (WLC) to manage the APs, configure RRM (Radio Resource Management) for automatic channel and power adjustment, and enable 802.11k/v/r for seamless roaming. Performance considerations: the engineer calculates that each AP can handle about 30-50 active clients (depending on traffic). To cover a large open area, APs are placed every 50-70 feet with overlapping cells (roughly 15-20% overlap for roaming). Common misconfigurations: using the same channel on adjacent APs (co-channel interference), setting transmit power too high (causing sticky clients), or forgetting to enable fast roaming (causing VoIP drops). When troubleshooting, the engineer uses a spectrum analyzer to detect non-Wi-Fi interference (e.g., microwave ovens on channel 11) and adjusts channel selection accordingly. In a warehouse scenario, directional antennas are used along aisles to reduce reflections and improve coverage. The engineer also configures QoS (WMM) to prioritize voice traffic for VoIP handsets. Misconfigured QoS can lead to poor call quality. The engineer regularly monitors the WLC for rogue APs and clients, and uses 802.1X authentication to prevent unauthorized access.
The N10-009 exam (Objective 2.2) tests your ability to compare and contrast wireless standards, configure basic WLAN settings, and troubleshoot common issues. Expect multiple-choice questions on: - Standard identification: Know the year, frequency, max data rate, and key features (e.g., OFDM, MIMO) for 802.11a/b/g/n/ac/ax/be. - Channel selection: Which channels are non-overlapping in 2.4 GHz (1, 6, 11). Why 40 MHz channels in 2.4 GHz cause interference. - Security protocols: Differences between WPA2 and WPA3, TKIP vs AES, PSK vs 802.1X. - Antenna types: When to use directional vs omnidirectional. - POE standards: 802.3af (15.4W), at (30W), bt (60-100W). - Roaming: 802.11r (fast roaming), 802.11k (neighbor reports), 802.11v (network management). - Common wrong answers: Candidates often confuse 802.11ac with 5 GHz only (true) but think it supports 2.4 GHz (false). They may think WPA3 uses TKIP (false, uses AES-GCMP). They might pick 802.11g as the first 5 GHz standard (it's 2.4 GHz). They also mix up CSMA/CA with CSMA/CD. Exam loves to test the exact maximum data rate of 802.11n (600 Mbps) vs 802.11ac (6.9 Gbps). Another trap: asking which standard introduced MIMO (answer: 802.11n, not 802.11ac). Also, remember that 802.11ax supports OFDMA (Orthogonal Frequency Division Multiple Access) and 1024-QAM. For Wi-Fi 6E, the 6 GHz band is used. Edge cases: DFS channels require radar detection; if radar is detected, AP must switch channels within 10 seconds. This can cause temporary disruption. The exam may ask about the purpose of the 4-way handshake (to derive PTK and GTK). Another edge: WPA3-Personal uses SAE (Simultaneous Authentication of Equals) instead of PSK, providing forward secrecy.
Elimination strategy: For standard questions, eliminate options that don't match the frequency band. For security, eliminate anything mentioning WEP or TKIP as secure. For channels, remember only 1,6,11 in 2.4 GHz are non-overlapping. For data rates, higher is not always better; consider range trade-offs.
802.11ac operates only in 5 GHz band; 802.11n supports both 2.4 and 5 GHz.
Non-overlapping channels in 2.4 GHz: 1, 6, 11 (for 20 MHz).
WPA3 uses SAE for authentication and AES-GCMP for encryption, providing forward secrecy.
MIMO was introduced in 802.11n; MU-MIMO in 802.11ac wave 2.
CSMA/CA uses RTS/CTS and backoff to avoid collisions; CSMA/CD is for Ethernet.
PoE standards: 802.3af (15.4W), 802.3at (30W), 802.3bt (60-100W).
DFS channels (52-144 in 5 GHz) require radar detection; AP must switch if radar is detected.
802.11r provides fast roaming by caching PMK; 802.11k provides neighbor reports; 802.11v optimizes client connections.
802.11ax (Wi-Fi 6) introduces OFDMA and 1024-QAM for better efficiency in dense environments.
WPA2-PSK uses a 4-way handshake to derive PTK and GTK; vulnerable to dictionary attacks.
These come up on the exam all the time. Here's how to tell them apart.
WPA2 (802.11i)
Uses AES-CCMP encryption (128-bit key).
Authentication via 4-way handshake with PSK or 802.1X.
Vulnerable to offline dictionary attacks on PSK.
No forward secrecy; captured handshake can be decrypted if PSK is known.
Compatible with most devices since 2006.
WPA3 (2018)
Uses AES-GCMP encryption (128-bit for personal, 256-bit for enterprise).
Authentication via SAE (Simultaneous Authentication of Equals) for personal mode.
SAE resists offline dictionary attacks by using a zero-knowledge proof.
Provides forward secrecy; compromising the password does not decrypt past traffic.
Not backward compatible with WPA2-only devices; requires WPA3 support.
2.4 GHz Band
Frequency range: 2.400-2.4835 GHz.
3 non-overlapping 20 MHz channels (1, 6, 11).
Longer range due to better penetration through obstacles.
More susceptible to interference from Bluetooth, microwaves, cordless phones.
Lower maximum data rates (up to 600 Mbps with 802.11n).
5 GHz Band
Frequency range: 5.150-5.850 GHz.
Many non-overlapping channels (up to 25 with DFS).
Shorter range due to higher frequency absorption.
Less interference from non-Wi-Fi devices.
Higher maximum data rates (up to 6.9 Gbps with 802.11ac).
Mistake
802.11ac operates in both 2.4 GHz and 5 GHz bands.
Correct
802.11ac operates only in the 5 GHz band. 802.11n is the last standard to support both 2.4 and 5 GHz. 802.11ax (Wi-Fi 6) also supports both, plus 6 GHz for Wi-Fi 6E.
Mistake
WPA3 uses TKIP for encryption.
Correct
WPA3 uses AES-GCMP (Galois/Counter Mode Protocol) for encryption, not TKIP. TKIP is deprecated and only used in WPA (first generation). WPA3 also uses SAE for authentication.
Mistake
All 5 GHz channels are non-overlapping and can be used freely.
Correct
5 GHz channels include DFS channels (52-144) that require radar detection. If radar is detected, the AP must vacate the channel within 10 seconds. Also, some channels are restricted for indoor use only (UNII-1).
Mistake
MIMO was introduced in 802.11ac.
Correct
MIMO was introduced in 802.11n (2009). 802.11ac improved MIMO with up to 8 spatial streams and added MU-MIMO in wave 2.
Mistake
CSMA/CA and CSMA/CD are the same mechanism.
Correct
CSMA/CA (Collision Avoidance) is used in Wi-Fi to prevent collisions by using RTS/CTS and backoff timers. CSMA/CD (Collision Detection) is used in Ethernet to detect collisions after they occur. Wi-Fi cannot detect collisions because the transmitter cannot listen while transmitting.
Reveal each answer, then mark whether you got it right. Score 60%+ to unlock the next chapter.
802.11ac (Wi-Fi 5) operates only in 5 GHz, uses OFDM, up to 8 spatial streams, and MU-MIMO only downlink. 802.11ax (Wi-Fi 6) operates in 2.4, 5, and 6 GHz (Wi-Fi 6E), uses OFDMA (divides channels into smaller subcarriers for multiple users), 1024-QAM, and both downlink and uplink MU-MIMO. 802.11ax also improves battery life with Target Wake Time (TWT). On the exam, know that 802.11ax is designed for high-density environments.
Use channels 1, 6, or 11 (for 20 MHz width) because they are the only non-overlapping channels in the 2.4 GHz band. Using any other channel (e.g., 2 or 3) will overlap with adjacent channels, causing co-channel interference and reduced performance. Avoid 40 MHz channels in 2.4 GHz because they consume two channels and cause significant overlap with neighboring networks.
WPA3 is not backward compatible with WPA2-only devices. However, many modern APs support a mixed mode (WPA2/WPA3 transition mode) that allows both WPA2 and WPA3 clients to connect simultaneously. In this mode, the AP advertises both WPA2 and WPA3 in its beacon, and the client uses whichever it supports. However, security is only as strong as the weakest client (WPA2). For full WPA3 benefits, all clients must support WPA3.
RTS/CTS (Request to Send/Clear to Send) is an optional mechanism in CSMA/CA to reduce collisions from hidden nodes. A station sends an RTS frame, the AP responds with CTS, and all other stations set their NAV (Network Allocation Vector) for the duration. This reserves the medium for the upcoming data frame. RTS/CTS is typically used for large frames or in high-interference environments. The threshold can be configured (e.g., 2347 bytes default).
802.11r (Fast BSS Transition) reduces the time required to roam between APs by caching the Pairwise Master Key (PMK) from the initial authentication. When a client roams to a new AP, it uses the cached PMK to derive a new Pairwise Transient Key (PTK) without going through the full 4-way handshake. This reduces handoff latency to under 50 ms, which is critical for voice and video applications.
A wireless access point (AP) bridges wireless clients to a wired network; it typically has no routing or NAT capabilities. A wireless router combines an AP, a router, a switch, and often a firewall into one device. In enterprise networks, standalone APs are managed by a WLC, while home networks use wireless routers. The exam may ask which device is used for extending a wired network wirelessly (AP) vs providing internet access (router).
The maximum data rate of 802.11n is 600 Mbps, achieved with 4 spatial streams, 40 MHz channel width, and short guard interval (400 ns). However, typical real-world rates are lower due to overhead and interference. The exam may ask for the theoretical maximum, so remember 600 Mbps.
You've just covered Wireless Standards and Configuration — now see how well it sticks with free N10-009 practice questions. Full explanations included, no account needed.
Done with this chapter?